/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.epam.expertsys.web;

import com.epam.expertsys.dbconn.PatientDAOH2;
import com.epam.expertsys.blogic.Patient;
import java.io.IOException;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.sql.SQLException;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;

/**
 *
 * @author Admin
 */
public class AuthFilter implements Filter {

    private static Logger log = Logger.getLogger(AuthFilter.class);
    private FilterConfig filterConfig = null;

    public AuthFilter() {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain)
            throws IOException, ServletException {



        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        HttpSession session = req.getSession();

        if (Boolean.TRUE.equals((Boolean) session.getAttribute("authorized"))
                && session.getAttribute("login") != null) {
            chain.doFilter(req, resp);
        } else {
            PatientDAOH2 patDAO = (PatientDAOH2) (session.getServletContext().getAttribute("patientDAO"));

            Patient patient = null;

            String login = req.getParameter("login");
            String password = req.getParameter("password");

            if (login == null) {
                RequestDispatcher reqDisp = req.getRequestDispatcher("/login.jsp");
                reqDisp.forward(req, resp);
            } else {

                if (password == null) {
                    password = "";
                }

                try {
                    patient = patDAO.getPatientByLogin(login);
                } catch (SQLException e) {
                    //patient with this login not found
                }


                if (patient == null) {
                    req.setAttribute("noSuchUser", Boolean.TRUE);
                    req.removeAttribute("wrongPassword");

                    RequestDispatcher reqDisp = req.getRequestDispatcher("/login.jsp");
                    reqDisp.forward(req, resp);

                } else if (!password.equals(patient.getPassword())) {
                    req.setAttribute("wrongPassword", Boolean.TRUE);
                    req.removeAttribute("noSuchUser");

                    RequestDispatcher reqDisp = req.getRequestDispatcher("/login.jsp");
                    reqDisp.forward(req, resp);
                } else {
                    log.info("User " + login + " logged in");
                    session.setAttribute("authorized", Boolean.TRUE);
                    session.setAttribute("login", login);
                    req.removeAttribute("noSuchUser");
                    req.removeAttribute("wrongPassword");

                    chain.doFilter(req, resp);
                }
            }
        }




    }

    /**
     * Return the filter configuration object for this filter.
     */
    public void destroy() {
    }

    /**
     * Init method for this filter 
     */
    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;

    }
    /**
     * Return a String representation of this object.
     */
}
